remco/Atomcms-edit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Security: admin radio routes now require auth+admin.security, CORS default no longer wildcard, README security section

Browse Source
This commit is contained in:
root
2026-06-04 20:46:07 +02:00
parent 8a324b3082
commit 4d8d22f40a
3 changed files with 50 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
config/cors.php
+2 -2
View File
@@ -21,11 +21,11 @@ return [
'allowed_methods' => array_filter(array_map(trim(...), explode(',', (string) env('CORS_ALLOWED_METHODS', 'GET,POST,PUT,PATCH,DELETE,OPTIONS'))), fn ($v) => $v !== ''),
'allowed_origins' => array_filter(array_map(trim(...), explode(',', (string) env('CORS_ALLOWED_ORIGINS', '*'))), fn ($v) => $v !== ''),
'allowed_origins' => array_filter(array_map(trim(...), explode(',', (string) env('CORS_ALLOWED_ORIGINS', ''))), fn ($v) => $v !== ''),
'allowed_origins_patterns' => [],
'allowed_headers' => array_filter(array_map(trim(...), explode(',', (string) env('CORS_ALLOWED_HEADERS', '*'))), fn ($v) => $v !== ''),
'allowed_headers' => array_filter(array_map(trim(...), explode(',', (string) env('CORS_ALLOWED_HEADERS', 'Content-Type,Authorization,X-Requested-With'))), fn ($v) => $v !== ''),
'exposed_headers' => [],